Backport #28191 by @yp05327
https://gitea.com/gitea/gitea-docusaurus/actions/runs/661/jobs/0#jobstep-9-39
I noticed that there are many warning logs in building docs.
It is causing 404 in docs.gitea.com now, so we need to fix it.
And there are also some other problems in v1.19 which can not be done in
this PR.
Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 4b89c0f996d62bec6a03d129c0fde2e6ef332c0f)
Backport #28200
gitea doctor failed at checking and fixing 'delete-orphaned-repos',
because table name 'user' needs quoting to be correctly recognized by at
least PostgreSQL.
fixes#28199
(cherry picked from commit 7cae4dfc0048db02bef34ff1b8726e82b052fb85)
Backport #28184Fix#25473
Although there was `m.Post("/login/oauth/access_token", CorsHandler()...`,
it never really worked, because it still lacks the "OPTIONS" handler.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 23838c2c2eaf596bffd5331406be99edc264883c)
Backport #28101 by @lng2020
Reverts go-gitea/gitea#27141close#28097
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit a2314ca9c5e17db140e66c7031cbfb97e04e41e5)
- "Gitea" is automatically being determined in Swagger and cannot be
overridden, therefor we override it after `swagger generate spec` is run.
- Resolves https://codeberg.org/forgejo/forgejo/issues/226
(cherry picked from commit 0b453807656b6fbe54284d865e59880460f3d253)
[BRANDING] Change Swagger title to Forgejo API
(cherry picked from commit 79f6a70b53421be9984a9ad96ebd0d06ab5af02e)
(cherry picked from commit 6cd47afe3366a615d40655a435275d5543910065)
(cherry picked from commit a7ae2e4c09431cd7a1f18c5b87b9dd87981b538d)
(cherry picked from commit 59f837e4661233dafc202ded9ad907dbdf7e3e69)
(cherry picked from commit c1c3d1f0e63b880baa32d285d3eba6034137b45a)
(cherry picked from commit 4b088713fb0a55c2c37f734ce82f13190ca412dd)
(cherry picked from commit 3df1d2137112a95279a8c84a8601e4c137d75d4f)
(cherry picked from commit a4a5fdbde4f9ebbf5ba6ba66c8f20a89e54860de)
(cherry picked from commit 57aa9ed710a95aa51ae3824873c3766b38da7850)
(cherry picked from commit 948b49bf9449af744a1f2e1324187897ed1c0809)
(cherry picked from commit be4929ab6a802d7d748f537ab8b798e30588c1d4)
(cherry picked from commit 9ecb507457d8a6aa60713762a1a5d2995ed986e5)
Conflicts:
templates/swagger/ui.tmpl
(cherry picked from commit 8e57e688637b9fbd3c33d3e38aed8768a2c07208)
(cherry picked from commit f0b3f621e34130c75b35c113ad509ab73118e123)
(cherry picked from commit 5b0a6d093ea5210a5ba27705b1d1636e23da8738)
(cherry picked from commit 2e0f6b5de8837a439ecadaf3434d006d7014016c)
(cherry picked from commit bb08076f5c26481d78855823c2daa1a76d3865fb)
(cherry picked from commit 5c9360e38a41a4494b1b1b247f9d57b1a0d91ef0)
(cherry picked from commit 2f277561489e1228af163fa4e5d153ceb7eec864)
(cherry picked from commit 6fce7eeb511d949249e045a995cc637d3788a1f0)
(cherry picked from commit 8d27e7bebd961468bd492c4d64e132a46d97f62b)
(cherry picked from commit fda2ee2aaedac8f394d9fc38085f768c775d2c38)
(cherry picked from commit fe0489a4d856655fdcf93c16a41995709c47f78f)
(cherry picked from commit fe9479b357d2ef0f5fd8247e8356ce7c75135b88)
(cherry picked from commit 1deadb2f35c8c0c87cd93b6f04675312b1e667bb)
(cherry picked from commit d1cb84b2f225c484755172735841e3b75abce409)
(cherry picked from commit 9de15d49f8ff0ef0803e8b3a7437a45358e924b9)
(cherry picked from commit 461fbe219c30de7e756ce2cb6dbc354417655a6f)
(cherry picked from commit f39bf3ba5b6325898968533e79fdfc5fe74c3810)
(cherry picked from commit b3f31c2f7bc5b4f5ed3f7fb6e6a6649331eb179a)
(cherry picked from commit b9f493c139bc40bb5aaf361b813019968be75968)
(cherry picked from commit 83781b16411d49f2f27b622ac3e806234b477984)
(cherry picked from commit 4438ee0434f88fc0dcb917304a5baf5b8c2d11a8)
(cherry picked from commit 56b6b368334fe3d11fb55b8e35bbfc314f45405a)
(cherry picked from commit d42aa19f27cb984693d3be7084059f5bd946ae3e)
(cherry picked from commit 4b7eb6a93bf9700e491e8bf99cf76b19f481cac4)
(cherry picked from commit 9d17e95951e17528cd912028544421264f531eca)
(cherry picked from commit 31d3f4bb01d0260da4b6e71b055b28f11dc6cce3)
(cherry picked from commit c428c3f14c770dd2f4a2f1320f7bf047933d1057)
(cherry picked from commit 07fbe2ba69)
Conflicts:
templates/swagger/v1_json.tmpl
remove trailing dot
Backport #28160 by @yp05327
Since #27054, Actions are enabled by default. so we should also edit the
document. 😃
ps: I think this should be backport to 1.21.0.
Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 447422fe27b52c182a14519195dc11b663e315cd)
Backport #28143 by @wxiaoguang
Compare by ignoring spaces:
https://github.com/go-gitea/gitea/pull/28143/files?diff=split&w=1
When the form is going to be submitted, add the "is-loading" class to
show an indicator and avoid user UI events.
When the request finishes (success / error), remove the "is-loading"
class to make user can interact the UI.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ffab076b72fb5822531f24f9e608f3b49bb2d324)
Backport #28100 by @lng2020
https://github.com/go-gitea/gitea/pull/27946 forgets to change them in
code. Sorry about that.
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit 56bedf2bccc7b9a98b94d1d5016231e7b68cd75d)
Backport #28085 by @wxiaoguang
Fix#28083 and fix the tests
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit f7567f798d0d9dd3379051121b8b89abf09f938f)
Backport #27610 by @evantobin
Fixes#27598
In #27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds
unit tests
Co-authored-by: Evan Tobin <me@evantob.in>
(cherry picked from commit 93ede4bc83ccb231b9ca67041318a0811d1d34dd)
Backport #28072
To avoid unnecessary database access, the `cacheTime` should always be
set if the revision has been checked.
Fix#28057
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 9f63d27ec4041897bb393a5f132af609a4988bf2)
Backport changelog for v1.21.0 as Giteabot doesn't seem to be in the
mood for it
---------
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit bc6477b36b774b0c4616a0ac7af76ba2d56da081)
Backport #28040 by @JakobDev
Fixes https://codeberg.org/forgejo/forgejo/issues/1758
For some weird reason we need to cast this nil.
Co-authored-by: JakobDev <jakobdev@gmx.de>
(cherry picked from commit 124a9957d086a054f45ca79ea5c5b6b6461a7f56)
Backport #28019 by @anudeepreddy
Hi,
This PR fixes#27988. The use of `path.join`(which uses `/` as the file
separator) to construct paths and comparing them with paths constructed
using `filepath.join`(which uses platform specific file separator) is
the root cause of this issue.
The desired behavior is to ignore attachments when dumping data
directory. Due to the what's mentioned above, the function
`addRecursiveExclude` is not actually ignoring the attachments directory
and is being written to the archive. The attachment directory is again
added to the archive (with different file separator as mentioned in the
issue) causing a duplicate entry on windows.
The solution is to use `filepath.join` in `addResursiveExclude` to
construct `currentAbsPath`.
Co-authored-by: Anudeep Reddy <anudeepc85@gmail.com>
(cherry picked from commit 00cd5ba6f4eb444085649aae6167bed32463e76b)
Backport #28023 by @6543
there was no check in place if a user could see a other user, if you
append e.g. `.rss`
(cherry picked from commit eef41489357a6b57e81f7c9a0a5580553f0f66ef)
Backport #27946 by @lng2020
As title. Some attachments and file sizes can easily be larger than
these limits
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit d4122712f7c1b9d5d1cce5d20695641dc3e5ac1c)
- Backport https://codeberg.org/forgejo/forgejo/pulls/1742
- While looking trough the logs for unrelated things I noticed errors
for directory size calculations in `pushUpdates` that were being caused
by a race condition in which git was making temporary file,
`filepath.WalkDir` noticed that but by the time the second lstat
came(`info.Info()`) it was already gone and it would error.
- Ignore temporary files created by Git.
- There are other cases but much much more rarer and not trivial to detect.
Examples:
...s/repository/push.go:96:pushUpdates() [E] Failed to update size for repository: updateSize: lstat [...]/objects/info/commit-graphs/tmp_graph_Wcy9kR: no such file or directory
...s/repository/push.go:96:pushUpdates() [E] Failed to update size for repository: updateSize: lstat [...]/packed-refs.lock: no such file or directory
(cherry picked from commit 16ce00772d4bfba929168533ad58c3a618f28353)
(cherry picked from commit 2aebef847ff998b8c2aa3aad12706698cef078c9)
- Say to the binding middleware which locale should be used for the
required error.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1683
(cherry picked from commit 64faeb6bef900093a703e00ed0be452d70c3d326)
(cherry picked from commit c93dbe1a6a0cb88d34127f68e819d27d298c7077)
(cherry picked from commit 81fcaee761b0ac18ce836504e66b9f8c4ddb0767)
- If you attempted to get a branch feed on a empty repository, it would
result in a panic as the code expects that the branch exists.
- `context.RepoRefByType` would normally already 404 if the branch
doesn't exist, however if a repository is empty, it would not do this
check.
- Fix bug where `/atom/branch/*` would return a RSS feed.
(cherry picked from commit d27bcd98a41b69e313535e5e91e4272136a4bab1)
(cherry picked from commit 07916c87235f246c809d61b74c55e796eca23fc8)
(cherry picked from commit 2eedbe0c55cb7109eb722ab9172933a26e878307)
(cherry picked from commit 3810d905c6f90e3c44e61c6ba8b8f4a219976c0b)
- The review type '22' is a general comment type that is attached to
single codecomments, reviews with multiple comments or to simple approve
and request changes comment. This comment can be used to create a link
towards this action on an pull request.
- Adds an anchor to the review comment type, so that when its getting
linked to it, it actually jumps towards that event.
- This also now fixes the behavior that after you created a review you
will be redirected to that review and because this is an general comment
type other mails will also be 'fixed' such as the approved or request
changes.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1248
(cherry picked from commit 1741a5f1fe6adc68bb5f87bdd1c5bdc5bfaa45c7)
---------
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
(cherry picked from commit 89c9a498fd)
(cherry picked from commit a2e2ce79f4bf56e4a002b77f3ffbbf6cf739f469)
(cherry picked from commit 299e437379863b7b3a36b97862d3789a8be28c78)
(cherry picked from commit 91a224ce2d961930e41efb9695cef31b9afe0275)
(cherry picked from commit 3a89b23b3b1800dc2be466c2ffa6192a4edff2e1)
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.
(cherry picked from commit eff097448b1ebd2a280fcdd55d10b1f6081e9ccd)
[GITEA] rework long-term authentication (squash) add migration
Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"
(cherry picked from commit 4accf7443c1c59b4d2e7787d6a6c602d725da403)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f021d381bf72790ad246f923ac983ad4)
(cherry picked from commit 6404845df9a63802fff4c5bd6cfe1e390076e7f0)
(cherry picked from commit 72bdd4f3b9f6509d1ff3f10ecb12c621a932ed30)
(cherry picked from commit 4b01bb0ce812b6c59414ff53fed728563d8bc9cc)
(cherry picked from commit c26ac318162b2cad6ff1ae54e2d8f47a4e4fe7c2)
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.
(cherry picked from commit cc2847241d82001babd8d40c87d03169f21c14cd)
(cherry picked from commit 99ba56a8761dd08e08d9499cab2ded1a6b7b970f)
Conflicts:
go.sum
https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193daa2311e2ead6249a47dcec47b4e335)
(cherry picked from commit 9c12a37fde6fa84414bf332ff4a066facdb92d38)
(cherry picked from commit 91191aaaedaf999209695e2c6ca4fb256b396686)
(cherry picked from commit 72be417f844713265a94ced6951f8f4b81d0ab1a)
(cherry picked from commit 98497c84da205ec59079e42274aa61199444f7cd)
(cherry picked from commit fba042adb5c1abcbd8eee6b5a4f735ccb2a5e394)
- Use the 'existing' jsonschema library for the nodeinfo integration test.
(cherry picked from commit 73864840f27274d4cdaef23d47a6a71fc60529c3)
(cherry picked from commit da36df306b7a75434c75ed5f63608e06266ca480)
Conflicts:
go.mod
https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 2b4ab46d8eacd2e6b2318f26e327ec59b804ea23)
Conflicts:
go.mod
https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 8064130344eb0d797838f8444a6d5c0e3d425716)
(cherry picked from commit ca32f14bc215cdeabbf1643ef46a0c8c9e7f3ae8)
(cherry picked from commit 6a4abb928f556796041e2e59ec3b772d9b577009)
(cherry picked from commit 0059a44ae8066211c56754c56f3570076476af51)
(cherry picked from commit 8dc8451fd080bacea9947ab8da3ea33d0a4249ac)
- After stumbling upon https://github.com/golang/go/issues/22397 and
reading the implementations I realized that Forgejo code doesn't have
`Sync()` and it doesn't properly error handle the `Close` function.
- (likely) Resolves https://codeberg.org/forgejo/forgejo/issues/1446
(cherry picked from commit 0efcb334c2f123d0869a30d684189eb31e8b983f)
(cherry picked from commit 04ef02c0dd98c7437acb39383d311c0901366508)
(cherry picked from commit 85f2065c9bc6ded9c21909ec76a9e8fc2d22f462)
(cherry picked from commit 8d36b5cce66864e190bad3c9b0973e37ca774a22)
(cherry picked from commit 0f406dc4d2a440b6109f07223f387bd11e2e7e80)
(cherry picked from commit 347a2e7372583aa63e54dc906091437b45ecdb72)
(cherry picked from commit f6c04d6b8626c1c500f773e10e9839469149f285)
(cherry picked from commit cf8b64f937c533efddbe94f050851e8db72d7e06)
The installation instructions of a Maven package places the `url` child
of the `repository` node in an extra indentation level. This indentation
is unnecesary since both the `id` and `url` nodes are direct children of
the `repository` node.
This commit removes the unnecessary indentation.
Refs: https://codeberg.org/forgejo/forgejo/pulls/1534
(cherry picked from commit 82f0ddad7bfcb40595d0f79220834377b04382d8)
(cherry picked from commit 905e546549bc69460d93f6e30bbe93124e924e57)
(cherry picked from commit 4e58ab82b77a8f4e6f994fc21b42fb70f0629778)
(cherry picked from commit 2f207e7deb692e8b356881017f615cf03c27fc38)
(cherry picked from commit c3552fb2be0704edb7056f312e32244449a7b35b)
(cherry picked from commit 6c8e4d4fc9a2b6d42861ac603736a85806d88f7c)
(cherry picked from commit a9f7fa924cf6e07e2cf938b9cda59cfc76622bac)
(cherry picked from commit 4592a73f57b7ad758fe9b723ba98398ab7141012)
- Add a indication to the file history if the file has been renamed,
this indication contains a link to browse the history of the file
further.
- Added unit testing.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1279
(cherry picked from commit 72c297521b1830360aab4b50e37efcc7e67e0d5d)
(cherry picked from commit 283f9648947f8dd2f315ecca19566ccca2b49c18)
Conflicts:
options/locale/locale_en-US.ini
https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 7c30af7fdee08efd02041c01abca47394a69bb8b)
(cherry picked from commit f3be6eb269526a9f4ea7861189f07977f2d4a32f)
(cherry picked from commit 78e1755b94c18c043e0c8f8c2849803cc8069feb)
(cherry picked from commit 9f30b92009e8911c99412944bcd7cff55a7b98dc)
(cherry picked from commit bb694684a4045150924c15aa5647e8e112321f02)
(cherry picked from commit 721f0ccf3ea7196dbb877a6c159d23d05c37978b)
(cherry picked from commit 6a6ec50130f9f31b5f9387ea6e43bc93b214dca4)
[GITEA] Detect file rename and show in history (squash) ctx.Locale
(cherry picked from commit 08698d747f5fd325327c21947f62326169329265)
- If there's a code comment that's received during the migration that
contains no diffhunk, skip it. This either means it was commenting on
old diffhunk or it's just a general codecomment. Forgejo supports
neither of such type of code comment.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1407
(cherry picked from commit ae463c7c559e02975ce5e758d8780def978eebee)
(cherry picked from commit bf48f02a86d6a193417f13a77031b8207a173dca)
(cherry picked from commit 10c3f102fa9135de37e9f73137ae5a9cf7072635)
(cherry picked from commit 828b4cc10cd0fc7e2540fe75e88b6ebf978c5c84)
(cherry picked from commit 6427fa65b641a32ead53779e3e7bda97704567df)
(cherry picked from commit 5b7a43c43fed0eb39e84edd652a699461f14fbbb)
(cherry picked from commit 49eb2566488a4857b2d2d2b0bd1d692c39beb028)
(cherry picked from commit 0be26ca144518f5961f88c0da99e37270bfb0005)
(cherry picked from commit c083236a589ae100128ba66b704c18fcd16201cf)
(cherry picked from commit 85738bc0a1058e0ac10a2ba9966d8e11d05544ad)
- Don't expect that rendering is done on a repository, use the given
issue to figure out the repository link.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1321
(cherry picked from commit 63f16652ca21809d2e088c46ddb88b84c08a5ad6)
(cherry picked from commit 821785d0af2fc2a41997675fc2809e1e45c0cdd8)
(cherry picked from commit 345742a0dc2b505a5bdc0747d4e2cda7136e735d)
(cherry picked from commit 2a37b91d7ced112b06d04950a9970cbd2d52f0f2)
(cherry picked from commit 9d40b409d715d336f68ec6306d8a928c171c85fc)
(cherry picked from commit c4c377e73312f36111d5f874195c9aebbb9c8635)
(cherry picked from commit 41f85e3bca361dbd1d58ea1573c9086ad82597b5)
(cherry picked from commit b5a2da8210a41e4ee8ab44a1d06893d66a70f906)
(cherry picked from commit 3a01437704a72a826c1bf3ce64fcd56303989ba4)
(cherry picked from commit a007f67f74fec914d9783f1b02b960a5dbbff26f)
- Currently the repository description uses the same sanitizer as a
normal markdown document. This means that element such as heading and
images are allowed and can be abused.
- Create a minimal restricted sanitizer for the repository description,
which only allows what the postprocessor currently allows, which are
links and emojis.
- Added unit testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1202
- Resolves https://codeberg.org/Codeberg/Community/issues/1122
(cherry picked from commit a8afa4cd181d7c31f73d6a8fae4c6a4b9622a425)
(cherry picked from commit 0238587c51e2c749413ca5a63e47590399fe5a2b)
(cherry picked from commit a8c7bbf728326b992e000a3d19c8833610f960c9)
(cherry picked from commit 80e05a8245092b4158c6c970ca0563181b40f2eb)
(cherry picked from commit f5af5050b34891ff16a4ef1f8e3d805fe135238d)
(cherry picked from commit 608f981e551db5f38550b622646cc307fe0566b9)
(cherry picked from commit 659186750201672391223fe4584b292e2ae26c62)
(cherry picked from commit b7e6dedafd84a7f240d7e36ce414659d3ecb7a84)
(cherry picked from commit 1cd196da49cbc352280affe8b391c70c95f64a81)
(cherry picked from commit 4c74fd4a041d19a9e0fd2280e00c1476e3f162a3)
